Email this article to a friend

NASA, IRS hit in international cyber hijacking

Wednesday - 11/9/2011, 7:55pm EST

By TOM HAYS
Associated Press

NEW YORK (AP) - NASA and the Internal Revenue Service were among the victims of a crew of Internet bandits. The hackers devised an international scheme to hijack more than 4 million computers to generate at least $14 million
in fraudulent advertising revenue, federal prosecutors said
Wednesday.

About 500,000 computers in the United States were infected with
malware, including those used by ordinary users, educational
institutions, nonprofits and government agencies, U.S.
Attorney Preet Bharara said at a Manhattan news conference.

Bharara called the case "the first of its kind" because the
suspects set up their own "rogue servers" to secretly reroute
Internet traffic to sites where they had a cut of the advertising
revenue.

Six of the seven people named in the indictment were Estonians
who were in custody in that country, and extradition was being
sought, prosecutors said; one Russian remained at large. As part of
the takedown, the FBI disabled the rogue servers without
interrupting Internet service, authorities said.

The problem was first discovered at NASA, where 130 computers
were infected. Investigators followed a digital trail to Eastern
Europe, where the defendants operated "companies that masqueraded
as legitimate participants in the Internet advertising industry,"
according to an indictment unsealed on Wednesday.

The defendants "engaged in a massive and sophisticated scheme
that infected at least 4 million computers located in over 100
countries with malicious software or malware," the indictment
said. "Without the computer users' knowledge or permission, the
malware digitally hijacked the infected computers to facilitate the
fraud."

Once their computers were infected, people seeking to visit
Netflix, the IRS, ESPN, Amazon and other legitimate sites were
redirected to sites where the defendants collected income for each
click on an ad, authorities said. The malware and corrupted servers
also allowed the defendants to substitute legitimate ads on other
websites with replacement ads that earned them more illicit income,
they added.

"On a massive scale, the defendants gave new meaning to the
term `false advertising,"' Bharara said.

The indictment estimated the defendants "reaped least $14
million in ill-gotten gains" over a five-year period.

(Copyright 2011 by The Associated Press. All Rights Reserved.)

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.